DETAILED ACTION

1. This communication is responsive to the communication filed on 03/11/2009.
Claims 1-11 are pending. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-11 have been considered but are
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-3 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Fijolek et al. (US Patent 6,510,162) in view of Kompella (US Patent
7,136,374).

With regard to claim 1, Fijolek et al. discloses having an apparatus for routing
packets from a first network node to a second network node in a data network (Fijolek
et al. discloses having a cable modem termination system 12 in fig. 1 in a cable
network that is routing data from a cable modem interpreted as "first
network node" back to a cable modem ("second network node", fig. 5));
comprising: means for assigning and then sending a first node identifier (ID) to the first
node, wherein the first node ID uniquely identifies the first node (Fijolek et al. discloses
having a cable modem termination system 12 in fig. 1 that assigns service
identifiers (SIDs) interpreted as a unique "ID" to CM (cable modems) interpreted
as a "first node", see column 15 line 17-18. Fijolek et al. further discloses within
MAC 44 SIDs are unique and the CMTS 12 may assign one or more SIDs to each
CM 16, see col. 15 lines 14-20); means for receiving a packet from the first node, said
packet from the unique first node, said packet including the unique first node ID, and
including routing information for routing said packet to a destination address associated
with said second node (Fijolek et al. discloses having a packet format for an
incoming packet being received from a CM (cable modem), see column 15 table 9
and 10 line 25-67); means for examining the packet to identify the unique first node ID
of the first node (Fijolek et al. discloses the cable modem termination system 12
(CMTS) has the means of examining incoming packets with service identifiers
(SID), see column 15 lines 10-67. Fijolek et al. further discloses within MAC 44
SIDs are unique and the CMTS 12 may assign one or more SIDs to each CM 16,
see col. 15 lines 14-20); and means for using said unique first node ID, routing
information (Fijolek et al. discloses having a unique service identifier (SID)
corresponding to a cable modem (CM) and the SID and routing information
transmitted in a packet. Fijolek et al. further discloses within MAC 44 SIDs are
unique and the CMTS 12 may assign one or more SIDs to each CM 16, see col. 15
lines 14-20).

However, the combination Fijolek et al. '162 does not disclose that the first node is
associated with at least one VPN; mapping between the first node ID and the at least one
VPN (Kompella discloses configuring virtual private network identifiers
interpreted as a "VPN" associated with customer edge devices identifier 1022
interpreted as "node address", see col. 13 lines 52-67 and fig. 10).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to incorporate associating a VPN identifier to a customer edge
device, as taught by Kompella, into the Fijolek et al. system to provide a more scalable
VPN infrastructure.

With regard to claim 2, in combination Fijolek et al. and Kompella teaches the
apparatus recited in claim 1, further comprising means for routing the packet to the
second node (Fijolek et al. discloses in fig. 1 that the cable modem termination
system 12 (CMTS) has the means to transmit a packet to a second CM (cable
modem) interpreted as a "second node").

With regard to claim 3, an apparatus for associating nodes in a data network
with at least one virtual private network (VPN), the data network including an access 
network having at least one Head End device and a plurality of nodes the access 
network further including at least one shared access channel utilized by a first and a 
second node of the plurality of nodes to communicate with the Head End device, said 
apparatus comprising: means for assigning and then sending a first node ID to the first 
node (see fig. 1, Fijolek et al. discloses having a headend and a cable modem
and a CPE interpreted as "plurality of nodes". Fijolek et al. discloses having a
CMTS 12 assigning MAC 44 service identifier (SID) interpreted as "first node ID",
see col. 36 lines 49-62); means for receiving data from the first node in the access
network (see fig. 1); means for identifying, within the received data, the address and
first node ID of the first node; and means for using said identified address (Fijolek et
al. discloses CM 16 has assigned IP address being identified, see col. 22 lines 10.
Fijolek et al. further discloses MAC address 44 as a client address, see col. 18
lines 15-19).

However, Fijolek et al. does not disclose having the means for mapping the 
assigned first node ID with at least one VPN, wherein the first node ID is assigned, sent, 
and mapped by an entity other than the first node; means for receiving an address for 
the first node that is associated with at least one VPN; and the mapping between the 
first node ID and the at least one VPN to determine whether said first node is 
associated with at least one VPN (Kompella discloses configuring virtual private
network identifiers interpreted as a "VPN" associated with customer edge
devices identifier 1022 interpreted as "node address", see col. 13 lines 52-67 and
fig. 10).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to incorporate associating a VPN identifier to a customer edge
device, as taught by Kompella, into the Fijolek et al. system to provide a more scalable
VPN infrastructure.

With regard to claim 10, an apparatus for configuring a Head End of an access
network to route packets from a first node to a second node in the access network
(Fijolek et al. discloses having a cable modem termination system 12 in fig. 1
located in a head end of cable system 26 (fig. 1)), the apparatus comprising:
means for associating particular network nodes on the access network with a
first virtual private network (VPN) (Fijolek et al. further discloses having a virtual
networking administration in a data-over-cable-system 10 (column 28 line 18-19));
the means for assigning and then sending to the first node a unique identifier (ID),
wherein the unique ID is assigned and sent to the first node by an entity other than the
first node, wherein the unique ID uniquely identifies the first node (Fijolek et al.
discloses having a cable modem termination system 12 in fig. 1 that assigns
service identifiers (SIDs) to CM (cable modems), column 15 line 17-18. Fijolek et
al. '162 further discloses within MAC 44 SIDs are unique and the CMTS 12 may
assign one or more SIDs to each CM 16, see col. 15 lines 14-20); the means for
associating the assigned ID with the first VPN to thereby cause the first node to be
associated with the first VPN, wherein the assigned ID is associated by the entity other
than the first node (Fijolek et al. (6,577,642) discloses having a cable modem
termination system 12 in fig. 1 that assigns service identifiers (SIDs) to CM (cable
modems), column 15 line 17-18).



However, Fijolek et al. does not disclose means for mapping the assigned unique ID with at least
one VPN, wherein the unique ID is assigned, sent and mapped by an entity other than
the first node (Kompella discloses configuring virtual private network identifiers
interpreted as a "VPN" associated with customer edge devices identifier 1022
interpreted as "node address", see col. 13 lines 52-67 and fig. 10).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to incorporate associating a VPN identifier to a customer edge
device, as taught by Kompella, into the Fijolek et al. system to provide a more scalable
VPN infrastructure.

5. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Fijolek et
al. (US Patent 6,986,157) and Kompella (US Patent 7,136,374) as applied to claim 3
above, and further in view of Rosen et al. ("BGP/MPLS VPNs" 1999).

With regard to claim 4, in combination Fijolek et al. and Kompella teaches the
apparatus in claim 3, further comprising means for mapping said first node to a
particular sub-interface on the access network (Rosen et al. discloses having a
method in which a service provider with an IP backbone may provide VPNs (Virtual
Private Networks) for its customers, where MPLS (Multiprotocol Label Switching) is
used for forwarding packets over the backbone (Abstract). Rosen et al. discloses
that one could divide the interface into multiple "sub-interfaces"... and assign the
packets to a VPN based on the sub-interface over which it arrives (page 7
paragraph 3.1 line 11-17). It is inferred that this mechanism can be implemented
in the node of the data-over-cable-system and that the head end also can be limited
to a particular VPN).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to have a virtual networking administration in a
data-over-cable-system 10, as taught by Fijolek et al., assign the packets to a VPN based on
the sub-interface over which it arrives, as taught by Rosen et al., to provide a
mechanism that will restrict packets' access into VPNs that are not assigned to the
packet.



6. Claims 5 and 6 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Fijolek et al. (US Patent 6,577,642) in view of Rosen et al.
("BGP/MPLS VPNs" 1999) and Kompella (US Patent 7,136,374).

With regard to claim 5, Fijolek et al. discloses an apparatus for associating
nodes in a data network with at least one virtual private network (VPN), the data
network including an access network having at least one Head End device and a
plurality of nodes, the access network further including at least one shared access
channel utilized by a first and a second node of the plurality of nodes to communicate
with the Head End device (Fijolek et al. discloses having a cable modem
termination system 12 in fig. 1 located in a head end of cable system 26 (fig. 1). It
is conventional that a cable modem termination system can operate as point-to-point
or point-to-multipoint and that the cable modems are bi-directionally
communicating with the head end. Fijolek et al. discloses having a virtual
networking administration in a data-over-cable-system 10 using a network
address and the first virtual networking tag stored in a virtual networking table
associated with the second network device to provide selected first network
devices a desired networking service on a virtual network via the
data-over-cable-system (column 28 line 34-43)); assigning and then sending a unique identifier
(ID) to the first node and binding the unique ID of said first node wherein the unique ID
is assigned, sent and then bound by an entity other than the first node, wherein the ID
uniquely identifies the first node (Fijolek et al. discloses having a cable modem
termination system 12 in fig. 1 that assigns service identifiers (SIDs) to CM (cable
modems), column 15 line 17-18. Fijolek et al. further discloses having method
and system for virtual network administration with data-over cable system (title).
In addition, Fijolek et al. discloses first networking devices includes a virtual
network tag ("mapping at least one VPN") and a network address ("first node ID",
column 28 line 22-43)).



Fijolek et al. does not disclose said apparatus comprising: means for determining
whether said first node is a member of at least one VPN (Rosen et al. discloses
having a method in which a service provider with an IP backbone may provide
VPNs (Virtual Private Networks) for its customers, where MPLS (Multiprotocol Label
Switching) is used for forwarding packets over the backbone (Abstract). It is
inferred that this mechanism can be implemented in the head end of a cable
system 26. Rosen et al. further discloses assigning packets to a particular site
(page 7 line 12-13)... also a packet's destination address is matched against a
VPN-IPv4 route (page 8 line 49-51). It is inferred that the packets contain the
information of the device or node from which they came).

Therefore it would have been obvious to one having ordinary skill in the art at the time
the invention was made to have a virtual networking administration in a
data-over-cable-system, as taught by Fijolek et al., matching a destination address against a
VPN-IPv4 route, as taught by Rosen, to provide a mechanism that will transmit packets to a
specific VPN.

However, the combination of Fijolek et al. and Rosen does not disclose
mapping between the first node ID and the at least one VPN (Kompella discloses
configuring virtual private network identifiers interpreted as a "VPN" associated
with customer edge devices identifier 1022 interpreted as "node address", see
col. 13 lines 52-67 and fig. 10).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to incorporate associating a VPN identifier to a customer edge
device, as taught by Kompella, into the Fijolek et al. modified system, combined with
Rosen, to provide a more scalable VPN infrastructure.

With regard to claim 6, in combination Fijolek et al. and Kompella teaches the
apparatus recited in claim 5. However, Fijolek et al. does not disclose means for
mapping a particular sub-interface of the Head End to said particular VPN (Rosen et
al. discloses having a method in which a service provider with an IP backbone may
provide VPNs (Virtual Private Networks) for its customers, where MPLS
(Multiprotocol Label Switching) is used for forwarding packets over the backbone
(Abstract). Rosen et al. discloses that one could divide the interface into multiple
"sub-interfaces"... and assign the packets to a VPN based on the
sub-interface over which it arrives (page 7 paragraph 3.1 line 11-17). It is inferred that
this mechanism can be implemented in the head end of the
data-over-cable-system and that the head end also can be limited to a particular VPN).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to have a virtual networking administration in a
data-over-cable-system 10, as taught by Fijolek et al., assign the packets to a VPN based on
the sub-interface over which it arrives, as taught by Rosen et al., to provide a
mechanism that will restrict packets' access into VPNs that are not assigned to the
packet.

7. Claims 7-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Fijolek et al. (US Patent 6,577,642) and Rosen et al. ("BGP/MPLS VPNs" 1999) and
Kompella (US Patent 7,136,374) as applied to claim 5 above, and further in view of
Gilbrech (US Patent 6,173,399).

With regard to claim 7, in combination Fijolek et al. and Kompella teaches the
apparatus recited in claim 5, further comprising: means for receiving at said Head End
device a packet from said first node, said packet including a destination address
corresponding to a second node in the network (Fijolek et al. discloses having a head
end of a cable system 26 in fig. 1 which has the means to send and receive packets
from cable modems... such configurations may be "one-to-one", "one-to-many"
or "many-to-many" (column 7 line 20-38)). Fijolek et al. further discloses having
means for examining said packet to identify the ID of said first node (Fijolek et al.
discloses the cable modem termination system 12 (CMTS) has the means of
examining incoming packets with service identifiers (SID, column 15 line 10-67));
and means for using said ID at said Head End device to determine whether said first
node is a member of at least one VPN (Fijolek et al. discloses having a cable
modem termination system 12a-c... also Fijolek et al. discloses a cable television
network headend is a central location (column 4 line 33-34)).

However, Fijolek et al. does not disclose that the first node is a member of at least one
VPN. Gilbrech discloses having a VPN unit processing packets by examining the
source and destination address of the packet. Gilbrech further discloses the VPN
unit moderates data communication between members of a defined VPN group
(column 2 line 45-48) and the VPN unit maintains a lookup table identifying
members of specific virtual private network groups. It is inferred that the VPN
unit keeps a record of an identifier of each member in a table and each identifier is linked to
a virtual private network group.

With regard to claim 8, in combination Fijolek et al., Kompella, Rosen et al.
and Gilbrech teaches the apparatus recited in claim 7. However, Fijolek et al. does not
disclose that the first node is a member of a first VPN, determining at said Head End
device whether the destination address of said packet is within said first VPN (Rosen
et al. discloses having a method in which a service provider with an IP backbone
may provide VPNs (Virtual Private Networks) for its customers, where MPLS
(Multiprotocol Label Switching) is used for forwarding packets over the backbone
(Abstract). It is inferred that this mechanism can be implemented in the head end
of a cable system 26. Rosen et al. further discloses that a packet's destination
address interpreted as "destination address" is matched against a VPN-IPv4
route interpreted as "first VPN", see page 8 line 49-51).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to have a virtual networking administration in a
data-over-cable-system 10, as taught by Fijolek et al., matching a packet's destination address
against a VPN-IPv4 route (VPN), as taught by Rosen et al., to provide a mechanism that
will restrict packets from entering VPNs that they are not associated with.

With regard to claim 9, in combination Fijolek et al., Kompella, Rosen et al.
and Gilbrech teaches the apparatus recited in claim 7, further comprising means for
routing the packet to the second node (Fijolek et al. discloses having a
head end of a cable system 26 with a cable modem termination system 12 in fig. 1
routing packets to a cable modem and the system configurations may be
"one-to-one", "one-to-many" or "many-to-many" interpreted as "routing to a second
node", see column 7 line 20-38 and fig. 1). It is inferred that the head end has
the capability to route packets to other cable modems in the network.

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to have a cable modem termination system 12
(CMTS) assigning a unique identifier SID within a packet, as taught by Fijolek et al.,
being examined by a VPN unit that associates identifying members with virtual private
network groups, as taught by Gilbrech, to provide a more secure cable network.

8. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over Fijolek
et al. (US Patent 6,577,642) and Kompella (US Patent 7,136,374) as applied to claim
10 above, and further in view of Rosen et al. ("BGP/MPLS VPNs" 1999).

With regard to claim 11, in combination Fijolek et al. and Kompella teaches the
apparatus recited in claim 10. However, Fijolek et al. does not disclose means for
including mapping a particular sub-interface of the Head End to the first VPN (Rosen et
al. discloses that one could divide the interface into multiple "sub-interfaces" and
assign the packets to a VPN based on the sub-interface over which it
arrives (page 7 paragraph 3.1 line 11-17). It is inferred that this mechanism can be
implemented in the head end of the data-over-cable-system and that the head
end also can be limited to a particular VPN).

Therefore it would have been obvious to one having ordinary skill in the art at the
time the invention was made to have a virtual networking administration in a
data-over-cable-system, as taught by Fijolek et al., assign the packets to a VPN based on the
sub-interface over which it arrives, as taught by Rosen et al., to provide a
mechanism that will restrict packets' access into VPNs that are not assigned to the
packet.



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DEWANDA SAMUEL whose telephone number is 
(571) 270-1213. The examiner can normally be reached on Monday-Thursday 8:30-
5:30 EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ricky Q. Ngo can be reached on (571) 272-3139. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/DeWanda Samuel/ 
Examiner, Art Unit 2416 
5/26/2009 



/Ricky Ngo/
Supervisory Patent Examiner, Art Unit 2416



